Information technology (IT) systems routinely collect audit and event logs for a variety of applications such as intrusion detection, forensics, fraud detection, network monitoring, and quality control. In the healthcare industry, audit logs play a critical role in tracking patient medical history, drug development, and research. Recently, audit logs have been increasingly important as a means of assuring compliance with financial and legal regulations.
For reliable use of audit logs, the integrity of the data, i.e., the fact that the data has not been corrupted since it entered the system, either accidentally or maliciously, must be maintained. Integrity as used herein does not include the case where the data may have been corrupted before entering the system, for example due to human data entry errors.
For certain applications, strong assurances of data integrity without relying on virtual and physical access control as the primary means of protection are desirable. Cryptographic techniques are particularly well-suited for these situations. For example, records could be signed using public-key signature algorithms for later verification.
However, some cryptographic techniques may not be directly compatible with certain practical requirements, for the following reasons.
Information may be subject to data lifecycle and retention requirements. In some situations, companies may be required to retain data for a specified time period, after which deletion of the data may be desirable. It is a common requirement of privacy laws that a company delete personally identifiable information after it is no longer needed for the purpose for which it was collected. In addition, users may request that their data be removed from a company's system.
Cryptographic techniques typically establish the integrity of an entire set of data in original form. These techniques do not apply to establishing the integrity of any derived subset of the data. Although the derived data may be signed again, there is no correspondence between the integrity of the original and the derived data.